Event noise reduction indicator for prioritized triage and remediation


Event noise is the term used to describe the hundreds of hourly and daily notifications and alarms (for example, CPU utilization, memory utilization, end user response time) delivered by monitoring systems to IT Ops teams to show the health and performance of infrastructure and applications across their IT environment. Event noise reduction involves reducing the event storm by combining multiple matching events into a single aggregated event. Event noise reduction enables you to perform prioritized triage and remediation.

Noise reduction in BMC Helix AIOps uses an ML-based event correlation algorithm and no-code functionality to deduplicate, reconcile, and group all the events coming from both BMC and third-party tools to create Situations. Creating Situations is achieved in near real-time using event timestamps, message text, and topology.

What is the source of events considered for event noise reduction?

To compute the event noise reduction value, BMC Helix AIOps considers ML-based aggregated events, which are derived by using AI/ML algorithms. For more information, see Monitoring and investigating situations.

The noise reduction widget shows the percentage of all events correlated into Situations. You can view the noise reduction value as a percentage, along with its trend, on the Overview page.

Event noise reduction computation

Noise reduction shown on the Overview page is calculated on demand based on ML-based situations. The following computation is used to derive the noise reduction percentage.

Noise reduction computation

Noise reduction (%) = {(Total secondary events - Total primary events) / Total events associated with the services} * 100

Example 1

Consider the following example to understand how the noise reduction value is computed:

Total number of events associated with services = 50

Total number of primary events (ML-based situations) = 10

Total number of secondary events (events associated with the ML-based situations) = 20

Noise reduction (%) = {(20 - 10) / 50} * 100 = 20%

What are total events, primary events, and secondary events?

 

Total events: Total events are the events that are associated with a service and contain a Service ID. 

  • Total number of events impacting the services.
  • These events must have a service ID and node ID enriched to impact the service.
  • Ok, info, and unknown severity events are not considered for the service impact.
  • Situation class events are not considered, as they are used for ML-based situations.

Primary events:

  • A primary event is an aggregated event that is correlated and created by BMC Helix AIOps, also known as ML-based situations.
  • Primary events are of the class situation with the algorithm name slot as ML.
  • A primary event is an aggregated event derived from several matching events. For example, you can derive a single event from the secondary events listed in the following example: The host1.bmc.com host is shutting down. The primary event should match the following conditions: 
    • Class = Situation 
    • Algorithm Name = ML
    • Relationships = evcount must be greater than 0 and the rstat value must be primary.

Secondary events:

These are the correlated events that are part of an ML-based situation.

Secondary events are a set of matching events that can be combined to create a single aggregated event. For example, if the host1.bmc.com host is shut down, you may receive several events originating from that host as shown in the following example:

Secondary events:

  • application1 is shutting down
  • stopped application2
  • Unable to authenticate application3
  • Unable to open application5

Primary event:

  • The host1.bmc.com host is shutting down

The secondary event should match the following conditions: 

Relationships = Must contain mlsituation and the relationships.rstat value must be secondary.
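
The classification rules and the formula above, applied to a list of event records. This is an added example, not BMC code: the dictionary field names (service_id, node_id, severity, class, algorithm_name, relationships) are an assumed layout, and the sample events are constructed to reproduce Example 1.

```python
# Added illustration. Field names (service_id, node_id, severity, class,
# algorithm_name, relationships.*) are assumed, not the product's schema.
NON_IMPACTING = {"ok", "info", "unknown"}

def is_total(ev):
    """Event counts toward 'total events associated with the services'."""
    return (bool(ev.get("service_id")) and bool(ev.get("node_id"))
            and str(ev.get("severity", "unknown")).lower() not in NON_IMPACTING
            and ev.get("class") != "Situation")

def is_primary(ev):
    """ML-based situation: class Situation, algorithm ML, evcount > 0, rstat primary."""
    rel = ev.get("relationships", {})
    return (ev.get("class") == "Situation" and ev.get("algorithm_name") == "ML"
            and rel.get("evcount", 0) > 0 and rel.get("rstat") == "primary")

def is_secondary(ev):
    """Correlated member event: has mlsituation and rstat secondary."""
    rel = ev.get("relationships", {})
    return bool(rel.get("mlsituation")) and rel.get("rstat") == "secondary"

def tally(events):
    """Return (total, primary, secondary) counts for a list of event dicts."""
    return (sum(map(is_total, events)), sum(map(is_primary, events)),
            sum(map(is_secondary, events)))

def noise_reduction_pct(events):
    total, primary, secondary = tally(events)
    if total == 0:
        return None  # assumption: the page does not define the empty case
    return 100 * (secondary - primary) / total

def sample_events():
    """Constructed data reproducing Example 1 (50 total, 10 primary, 20 secondary)."""
    base = {"service_id": "svc-1", "node_id": "node-1",
            "severity": "CRITICAL", "class": "EVENT"}
    situations = [{"class": "Situation", "algorithm_name": "ML",
                   "relationships": {"evcount": 2, "rstat": "primary"}}
                  for _ in range(10)]
    members = [dict(base, relationships={"mlsituation": f"sit-{i % 10}",
                                         "rstat": "secondary"}) for i in range(20)]
    uncorrelated = [dict(base) for _ in range(30)]
    # Not counted anywhere: info severity, missing service ID, situation with evcount 0.
    ignored = [dict(base, severity="INFO"), dict(base, service_id=None),
               {"class": "Situation", "algorithm_name": "ML",
                "relationships": {"evcount": 0, "rstat": "primary"}}]
    return situations + members + uncorrelated + ignored

if __name__ == "__main__":
    print(tally(sample_events()), noise_reduction_pct(sample_events()))
```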
